How NetWatcher Secures Your Data

To understand how we secure your data, you need to understand both the flow of the data and the base architecture of the NetWatcher™ platform.

The flow of the data

The NetWatcher “On Premise” sensor sits on your network reviewing all of your network traffic for anomalous behavior. If it sees something interesting, it creates an event. Events can be anything from a user accessing Dropbox to a user acquiring a piece of malware on their asset (laptop, phone, tablet, etc.).

The sensor communicates events, NetFlow and, if applicable, the associated packets (PCAPs) back to our Defensative Secure Operations Center (DSOC) hosted at Microsoft Azure, where additional logic (correlation) is applied to decide whether the platform needs to create an Alarm. Note that the sensor does not send all your network traffic back to our DSOC: it only sends the packets that triggered the event.

The DSAP is where your events are correlated into Alarms and where Alarms are prioritized based on severity. The DSAP then exposes these Alarms to a customer portal (https://portal.netwatcher.com/login) where they can be viewed. You can also choose to have the most serious Alarms sent to you via email or SMS, with a link back to the portal, as alarms occur.

If you are fairly technical and understand TCP/IP and networking logic, you can also flag yourself as an ‘Intermediate’ or ‘Advanced’ user in your customer portal profile and get access to all of the events (and associated PCAPs) occurring on your network.


Architecture

The NetWatcher sensor and backend infrastructure platform are built on the lightweight CoreOS Linux operating system. The platform heavily leverages Docker, which lets us automate the deployment of NetWatcher applications inside software containers by providing an additional layer of abstraction and automation of operating-system-level virtualization.

For scalability purposes we are load balancing both our services and our database so we can scale with redundancy built in.

The architecture allows us to easily deploy new services such as Sagan to read external logs, Prads for service detection and Netflow tools for bandwidth analytics.


Security

We use RSA 2048-bit certificates and AES-256 encryption in Cipher Block Chaining (CBC) mode to encrypt the Virtual Private Network (VPN).

On the backend we use ‘data at rest’ encryption to encrypt sensitive information on disk (passwords, sensitive database fields, etc.), as this is required by many compliance standards.

Decryption relies on Azure Key Vault Hardware Security Modules (HSMs) certified to the FIPS 140-2 Level 2 standard, so that our keys stay within the HSM boundary.

Our sensors identify and authenticate themselves using client SSL certificates (the same ones used for the VPN).

Our database is multi-tenant at the data level and uses Row Level Security, which lets us restrict at the database level who can read what data.
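The following is an added illustration of how row-level tenant isolation of this kind is typically expressed, not NetWatcher's own schema; it assumes PostgreSQL 9.6 or later, and the table, column, role and setting names are hypothetical.

```sql
-- Added example (not NetWatcher's schema): PostgreSQL row-level security
-- for a multi-tenant events table. Assumes PostgreSQL 9.6+; the table,
-- column, role and setting names below are hypothetical.

CREATE TABLE events (
    event_id   bigserial PRIMARY KEY,
    tenant_id  uuid        NOT NULL,   -- the customer the row belongs to
    sensor_id  text        NOT NULL,
    created_at timestamptz NOT NULL DEFAULT now(),
    summary    text        NOT NULL
);

-- Constructed sample data for two tenants, loaded before RLS is enabled.
INSERT INTO events (tenant_id, sensor_id, summary) VALUES
    ('11111111-1111-1111-1111-111111111111', 'sensor-a', 'Dropbox upload observed'),
    ('22222222-2222-2222-2222-222222222222', 'sensor-b', 'Malware beacon detected');

-- The portal application connects as this role, never as the table owner.
CREATE ROLE portal_app NOLOGIN;
GRANT SELECT, INSERT ON events TO portal_app;

-- Enable RLS and FORCE it so that even the table owner is subject to policies.
ALTER TABLE events ENABLE ROW LEVEL SECURITY;
ALTER TABLE events FORCE ROW LEVEL SECURITY;

-- Every statement by portal_app is filtered to the session's tenant.
-- current_setting(..., true) yields NULL when the setting is absent, so a
-- session that never set its tenant matches no rows instead of all rows.
CREATE POLICY tenant_isolation ON events
    FOR ALL
    TO portal_app
    USING (tenant_id = current_setting('app.tenant_id', true)::uuid)
    WITH CHECK (tenant_id = current_setting('app.tenant_id', true)::uuid);

-- A portal session for tenant 1: the USING clause limits this SELECT to
-- that tenant's rows, whatever WHERE clause the application supplies.
SET ROLE portal_app;
SET app.tenant_id = '11111111-1111-1111-1111-111111111111';
SELECT event_id, sensor_id, summary FROM events;

-- A write that names another tenant is rejected by the WITH CHECK clause,
-- so a bug or injection in the application cannot plant rows cross-tenant.
INSERT INTO events (tenant_id, sensor_id, summary)
VALUES ('22222222-2222-2222-2222-222222222222', 'sensor-a', 'forged entry');
RESET ROLE;
```

Superusers bypass row-level security entirely, so the application role must not be one, and the tenant setting must be bound from the authenticated identity by the application, never taken from request input.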


Location and Control of Data

The NetWatcher cloud service servers currently reside at a Google Cloud datacenter (Compute Engine) in the US. Google does an incredible job complying with most regulatory requirements. From Google:

The SOC3 report proves that our controls have been examined by an independent accountant. It represents the practitioner’s report on management's assertion(s) that the entity's business being relied upon is in conformity with the applicable Trust Services Principle(s) and Criteria. The full SOC3 audit report is also available for download. The ISO27001 certificate proves the functional scope of this ISO/IEC 27001:2005.
